PHP stands for Hypertext Preprocessor. It is a famous and widely used server-side scripting language for web development and for producing dynamic web pages. PHP code is embedded in an HTML source document and is processed by the PHP processor module in a web server to generate the web page that is sent back to the client. All PHP scripts and source documents are processed only on the server side, so the client never sees the underlying code or source document content, which prevents the source code from being exposed to users.

PHP code can generate images, query databases, and read and write files. PHP supports Apache, which is the most widely used web server in the world. In addition, PHP supports the MySQL database, which was developed by Microsoft and is free for all users, and PHP has many built-in functions for working with MySQL databases. On the other hand, PHP is open source, which means everyone can access and use the PHP engine's source as much as they want, and no party will charge any fee for support or licenses.

PHP functions well in both command-line mode and graphical operating systems, producing appropriate output to suit the different operating systems. PHP is supported by most web servers as well as personal computers today; its portability and platform independence have made PHP famous and widely used in web development.

1.2 What Can PHP Do?

PHP is a server-side scripting language, which means PHP code is processed on the server and only the result of the code is sent back to the client. The client may receive only a simple HTML file that displays the result, which reduces the load on the client's computer because the code has already been executed by the server.

A developer only needs to install the PHP parser (either as CGI or as a server module), a web server and a web browser on a personal machine. The developer can then experiment with PHP programming, serve PHP web pages through the web server and view the program output in the web browser.

PHP supports command-line scripting, that is, a PHP script run without a server or browser; it requires only the PHP parser. Command-line scripts can handle simple text-processing tasks.

PHP can be used on the major operating systems on the market, including Linux, Unix (including Solaris and OpenBSD), Mac OS, Microsoft Windows and others. In addition, PHP supports different kinds of web servers, including Apache, Xitami, Caudium, Microsoft Internet Information Server, Netscape, Personal Web Server and so on. This high flexibility and portability have made PHP the favorite web development language of web page developers.

PHP can generate output in HTML format. Besides HTML, PHP can generate dynamic PDF files, images or even Flash video files. In addition, PHP can easily generate any text in XHTML or any other XML file format.

PHP supports a wide range of databases, which is convenient for different developers. Supported databases include dBase, MySQL, IBM DB2, Oracle, Unix dbm and others. PHP also supports the Open Database Connection Standard (ODBC), which means developers can connect to any other database that supports ODBC.


2.1 How PHP Works

The following steps show the sequence of events when a client requests a PHP file:

The client requests a web page from the web server with a .php extension or any other extension configured to be treated as a PHP file.

The web server invokes the PHP parser, which is either built into the web server binary or run as CGI (Common Gateway Interface).

The PHP parser scans the requested file for PHP code.

Once the PHP parser finds PHP code, it executes that code and places the generated output into the file at the position the code occupied.

The web server sends the output file back to the client's web browser.

The client's web browser displays the output or result to the client.

When a client requests a web page from a web server and the page is already ready to be sent back to clients, that page is known as a static web page. PHP, however, can provide a customized web page each time a client requests it: the web server processes the PHP code and generates a customized page depending on the client's IP address, the time of day, the web browser in use and so on.

Some PHP-based web pages allow clients to set preferred customizations such as background color, text size, font, background music and so on. These settings can be stored in the web server's database under a username, or stored in client-side cookies once the client logs off. Whenever the client requests the page again, the web server retrieves the customized settings from its database or from the client's cookies and generates the dynamic web page accordingly.

Besides that, some PHP-based personal blog pages allow users to upload personal pictures and set up their own page with a different design for each section, and a client can even customize a personal page to display different things to different visitors. PHP code can also count the visitors who view the blog page: whenever a new visitor views the page, the PHP code increases the page's view count.

Lastly, all the PHP code is processed completely by the web server, which means the web page sent to the client does not contain any PHP code; only the result is given to the client.

Figure 2.1

Figure 2.1 shows that whenever a client requests a PHP website, the web server processes all the PHP code and fetches any needed information from a database or even a mail server. After the PHP parser has finished and returned the result to the web server, the web server sends back only a simple-format page containing the processed result, such as an HTML file, to the client's web browser.

2.2 Advantages of Using PHP

The following advantages show why PHP has grown rapidly in the web development field:

Fast response and efficiency - all PHP code is executed only on the web server, and the web server sends only an output file, such as an HTML file, to the client's web browser. An HTML file takes very little time to process and display.

Free and open source - users can use the resources as much as they want without being charged by any party.

Platform independent - PHP can run on most operating systems on the market, such as Windows, Linux, Mac OS or even UNIX.

Easy to learn and implement - PHP syntax is easy to understand and use even for people without a programming background. When using PHP to develop websites, PHP code is designed to be included easily in an HTML file.

Technical support is widely available - A wide range of technical support is available online; users can easily find websites that teach PHP syntax, using PHP with databases and so on, some PHP technical support websites like, Besides that, the PHP development team also provides e-mail support to resolve more advanced problems that users face.

Secure and reliable - A client that requests a PHP web page cannot view the PHP source code if the developer has designed the PHP code correctly.

Customizable - Although PHP is open source and free for everyone, it allows developers to modify the PHP code to add new features that suit their own web environment, and PHP provides significant control over the environment in order to reduce failures of the PHP code.

2.3 Development Tools for PHP

Eclipse PDT

Eclipse is a development environment that includes an IDE (integrated development environment), a package containing a source code editor, compiler and debugger that programmers use to develop software and websites. Eclipse supports multiple languages such as Java, C, C++, COBOL and others; Eclipse PDT is an extension of Eclipse that supports only PHP development.


XAMPP is an open source, cross-platform web server package that includes the Apache HTTP server, the MySQL database and more. XAMPP allows developers to test the web pages they design on their own personal computer: it sets up a local web server so the developer can work without Internet access. Besides that, XAMPP disables some security features to make the developer's work easier.

Web browser based PHP Development Tools

A website of this kind lets users host a web server for themselves; it also provides free PHP web page hosting and a free MySQL database, so users can create their database with SQL queries and back it up as well.

Web browser based development tools are very convenient because developers can work on their web pages anywhere and at any time without their own desktop or notebook; they require only an Internet connection and any computer. One of the famous web browser based PHP development sites is:

2.4 Comparison of PHP Variable with ASP.NET Variable

The function of a variable in every programming language is to store values such as integers, strings, arrays and so on. A variable in PHP starts with the $ symbol. Besides that, PHP variables do not need a declared type such as array, integer or string; PHP automatically converts the variable to the correct data type. In addition, variable names follow a few rules: the name must start with a letter or an underscore ( _ ), it cannot contain spaces, and it can contain only alphanumeric characters and underscores, that is a-z, A-Z, 0-9 and _. Figure 2.2 below shows an example of PHP code declaring variables:

Figure 2.2 Figure 2.3

Figure 2.3 above shows an example of C# ASP.NET code that declares a variable. A developer using ASP.NET must declare the variable before assigning a value to it. PHP, however, does not require the data type to be declared before the variable is used, because PHP automatically converts the variable to the correct data type. On the other hand, in ASP.NET code, once the developer has declared a variable, assigning a value of the wrong data type to it causes a compilation error. Hence, PHP code is more flexible and saves time during development compared with ASP.NET code.

2.5 Comparison of Database Connection Between PHP and ASP.NET

MySQL is a free database that allows multiple users to access it. To let a PHP web page access a database stored on a MySQL server, the developer must establish a connection to MySQL with the mysql_connect() function in the PHP code. The syntax of mysql_connect() is shown in Figure 2.4: the servername parameter is the server to connect to, the username parameter is the username used to log in to the database, and the password parameter is the password for that username.

Figure 2.4

Figure 2.5

Figure 2.5 shows PHP code that establishes a connection to a database on localhost, that is, with MySQL running on the same computer, using the username "admin" and the password "admin123". If MySQL is not set up with a username or password, the user can simply pass empty strings ("") for both parameters. The mysql_select_db function lets the developer choose the correct database on the connection. When a PHP script opens a MySQL connection, the connection is closed automatically once the script finishes executing. Alternatively, the developer can close the connection manually with the mysql_close() function before the PHP code ends; the last part of the code in Figure 2.5 shows how to close the connection manually.

Figure 2.6

Figure 2.6 shows the ASP.NET code for connecting to a MySQL database through an ODBC connection. The developer must import the ODBC class before opening the connection to MySQL. The ConnStr string in the second part of Figure 2.6 is the main code that must be declared to connect to MySQL from an ASP.NET website. The OdbcConnection connection and the connection.Open() function in the third part of Figure 2.6 open the connection between the code and the database.

The ASP.NET code required to connect to a MySQL database is more complicated than the PHP code. PHP provides the mysql_connect() function, which lets the developer connect directly to a MySQL database, whereas ASP.NET requires importing an ODBC class to open a connection to MySQL. PHP coding is much simpler and easier than ASP.NET, and PHP provides built-in MySQL functions for the developer's convenience.
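
The mysql_connect() family described in this section was deprecated in PHP 5.5 and removed in PHP 7.0. The following added example (not code from the original page or its figures) performs the same connect, select database and close sequence with PDO; the environment variable names DB_HOST, DB_NAME, DB_USER and DB_PASS are assumptions of this sketch, used so that no password sits in the source file.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original page.
// DB_HOST, DB_NAME, DB_USER and DB_PASS are environment variable names
// assumed for this sketch; they keep credentials out of the source file.

/**
 * Open a MySQL connection with PDO.
 * The DSN carries both the server and the database name, so this one call
 * replaces the mysql_connect() + mysql_select_db() pair.
 */
function connectMysql(string $host, string $db, string $user, string $pass): PDO
{
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $host, $db);

    return new PDO($dsn, $user, $pass, [
        // Throw PDOException on failure instead of failing silently.
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        // Send real prepared statements to the server, not emulated ones.
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

try {
    $pdo = connectMysql(
        getenv('DB_HOST') ?: 'localhost',
        getenv('DB_NAME') ?: 'test',
        getenv('DB_USER') ?: '',
        getenv('DB_PASS') ?: ''
    );

    // Values travel as bound parameters, never concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT DATABASE() AS db, ? AS greeting');
    $stmt->execute(['Welcome to PHP']);
    $row = $stmt->fetch();
    echo "Connected to {$row['db']}: {$row['greeting']}\n";

    // Dropping every reference closes the connection (the mysql_close() step).
    $stmt = null;
    $pdo  = null;
} catch (PDOException $e) {
    // Detail goes to the error log; the visitor sees only a generic message.
    error_log('Database connection failed: ' . $e->getMessage());
    echo "Database unavailable\n";
}
```

Without a reachable MySQL server the script takes the catch branch, which is the failure path a production page should show.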

2.6 Summary

The start of chapter 2 described the PHP work flow, from a client requesting a PHP website with a web browser until the client receives the result and it is displayed in the browser. Besides that, the advantages covered in this chapter show that PHP offers many benefits to a developer who uses it to develop a website, such as being open source and platform independent.

In addition, the information on development tools showed that developers can use different types of tools to start developing a PHP website. Each tool has different strengths in different areas, so developers can choose the most suitable tool for their requirements.

Lastly, the end of the chapter compared PHP and ASP.NET code for variable declaration and MySQL database connection. In these two areas, PHP is more flexible and simpler to code than ASP.NET.

3 PHP Security

A completely error-free and secure system, application or website is impossible in practice, because the Internet has a minority group of hackers who try to build a reputation for themselves by attacking your website, breaking your code, exploiting loopholes in your website or even posting irrelevant content on your website without authorization.

However, the developer of a site is responsible for increasing the site's security and reducing the likelihood of becoming a target of this minority group of hackers.

3.1 Error Reporting

Error reporting provides useful information that tells the developer what error occurred on the website and gives hints for fixing the bug or problem. However, if a web page fails when an anonymous user requests it from the web server and a detailed error log is shown, all of that detail is given to the anonymous user and the page's vulnerabilities are exposed to the public. An irresponsible attacker can then use the website's weaknesses or loopholes to attack or crash it.

Therefore, developers should disable detailed error reporting in their production environment (live websites hosted on a web server) to avoid exposing the website's weaknesses or loopholes to the public. Error reporting should, however, be enabled in the development environment, that is, on the developer's personal computer, so that the developer can check the error log and fix bugs and errors.

The php.ini file, which is always included with the web server, contains the following directives relevant to this topic:

display_errors: a directive that controls whether errors are displayed on the screen.

error_reporting: a directive that controls which errors are reported; this option should be set to E_ALL, which means all errors will be displayed to the user.

log_errors: a directive that controls whether errors are saved to a log file.

error_log: a directive that lets the developer set the path of the file where the error log is saved.

Directive name

Production Environment

Development Environment













Table 3.1 Recommended Value for Directive

Table 3.1 shows the recommended values for developers to use when changing the php.ini file in order to disable detailed error reporting in the production environment.

3.2 Hiding PHP

One way to increase the security of a website is to hide the fact that it uses PHP, so that the language in use is not directly exposed to the public. The developer can set the "expose_php" directive in the php.ini file to "off"; this option hides some important information about the website from the public.

Alternatively, the developer can configure the web server, through a .htaccess file or the Apache configuration file, to parse other file types through PHP. In this way the developer can use file extensions that confuse the public.

Figure 3.1 shows the code for disguising PHP files with another language's extension, such as .asp, .py or .pl:

Figure 3.1

Figure 3.2 shows the code for disguising PHP files with unknown file type extensions, such as .abb, .a123 or .f33d:

Figure 3.2

Figure 3.3 shows the code for disguising PHP files with an HTML extension:

Figure 3.3
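
The directives from sections 3.1 and 3.2 can be checked from PHP itself. The following is an added example, not code from the original page: the values it expects for production are an assumed hardening baseline rather than the contents of Table 3.1, and the two sample configurations and the log path are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not from the original page. The "production" expectations
// below are an assumed hardening baseline, not the values of Table 3.1.

/** php.ini booleans arrive as strings: "1", "On", "", "Off", ... */
function iniFlag(string $raw): bool
{
    return in_array(strtolower(trim($raw)), ['1', 'on', 'true', 'yes'], true);
}

/** Read the live values of the directives discussed in sections 3.1 and 3.2. */
function currentSettings(): array
{
    return [
        'display_errors'  => (string) ini_get('display_errors'),
        'error_reporting' => error_reporting(),
        'log_errors'      => (string) ini_get('log_errors'),
        'error_log'       => (string) ini_get('error_log'),
        'expose_php'      => (string) ini_get('expose_php'),
    ];
}

/** Return one finding per setting that would leak or lose error detail. */
function auditForProduction(array $s): array
{
    $findings = [];
    $display  = strtolower(trim((string) $s['display_errors']));

    // display_errors also accepts "stdout" and "stderr"; both still display.
    if (iniFlag($display) || in_array($display, ['stdout', 'stderr'], true)) {
        $findings[] = 'display_errors is on: error detail is shown to visitors';
    }
    if ((int) $s['error_reporting'] !== E_ALL) {
        $findings[] = 'error_reporting is not E_ALL: some errors are never recorded';
    }
    if (!iniFlag((string) $s['log_errors'])) {
        $findings[] = 'log_errors is off: errors are not written to any log';
    }
    if (trim((string) $s['error_log']) === '') {
        $findings[] = 'error_log is empty: errors go to the server default log';
    }
    if (iniFlag((string) $s['expose_php'])) {
        $findings[] = 'expose_php is on: X-Powered-By header announces PHP';
    }
    return $findings;
}

// Constructed sample: a typical developer workstation configuration.
$developmentSample = [
    'display_errors'  => '1',
    'error_reporting' => E_ALL,
    'log_errors'      => '0',
    'error_log'       => '',
    'expose_php'      => 'On',
];

// Constructed sample: the same site hardened for production.
$productionSample = [
    'display_errors'  => 'Off',
    'error_reporting' => E_ALL,
    'log_errors'      => 'On',
    'error_log'       => '/var/log/php/site-error.log', // placeholder path
    'expose_php'      => 'Off',
];

foreach ([
    'development sample' => $developmentSample,
    'production sample'  => $productionSample,
    'this interpreter'   => currentSettings(),
] as $label => $settings) {
    $findings = auditForProduction($settings);
    echo $label, ': ', $findings ? count($findings) . ' finding(s)' : 'OK', "\n";
    foreach ($findings as $finding) {
        echo "  - $finding\n";
    }
}
```

Run from the command line, the last report reflects the CLI php.ini, which can differ from the one the web server loads.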

3.3 Session Fixation

Session fixation is a very common attack. The tactic is simple if the attacker can obtain a valid session identifier: with it, the attacker can impersonate a user by using that user's session identifier. Figure 3.4 shows the HTML code of a hyperlink with an embedded session identifier:

Figure 3.4

Once the attacker's target clicks the "Log In" hyperlink above, the session identified as "abcd" is resumed. If the target then logs in to their user account, the attacker can use the victim's session to impersonate the user and act with the user's privilege level.

Fortunately, there is a simple way to prevent this problem: regenerate the session identifier with the session_regenerate_id() function. Figure 3.5 shows PHP code that regenerates the session ID once the user logs in:

Figure 3.5

Using session_regenerate_id() prevents session fixation, stopping a hacker from hijacking a session and impersonating another user to perform malicious actions on the website, because it ensures that every user who logs in is assigned a new, random session identifier.
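
The defence described in this section, as an added example that is not the page's Figure 3.5: a login handler that replaces the session ID at the moment of authentication. The user store, the function names and the password are constructed for illustration, and the session.use_strict_mode setting goes beyond what the page covers.

```php
<?php
declare(strict_types=1);

// Added example, not from the original page. The user store, the function
// names and the password are constructed for illustration.

/** Constructed user store; a real site would load the hash from its database. */
function demoUsers(): array
{
    return ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
}

function startSession(): void
{
    // Strict mode makes PHP discard a session ID it did not issue itself,
    // so an ID supplied by someone else never becomes a live session.
    ini_set('session.use_strict_mode', '1');
    // Array form needs PHP 7.3+. The cookie is unreadable from JavaScript
    // and is only sent over HTTPS.
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $user, string $password, array $users): bool
{
    $hash = $users[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false; // a failed login keeps the anonymous session as it is
    }
    // The privilege level changes here, so the pre-login ID is replaced.
    // Passing true also deletes the old session's stored data.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    return true;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Demonstration: compare the session ID before and after a successful login.
// All output is deferred until the session work is done, because headers
// (and therefore session cookies) cannot be changed after output starts.
startSession();
$before   = session_id();
$loggedIn = login('alice', 'correct horse battery', demoUsers());
$after    = session_id();
$user     = $_SESSION['user'] ?? '(none)';
logout();

printf("login succeeded:    %s\n", $loggedIn ? 'yes' : 'no');
printf("session user:       %s\n", $user);
printf("session ID changed: %s\n", $before !== $after ? 'yes' : 'no');
```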

3.4 Summary

This chapter covered PHP security, which allows developers to better protect a website against vulnerabilities. The first part of the chapter, on error reporting, explained that developers should hide all detailed error reports and page failure messages from the public to increase the security of a PHP website, because a detailed error report can reveal the website's weaknesses to anonymous users and so increases the risk of attack.

Besides that, the second security feature covered is hiding file extensions from the public, which reduces the risk of attack by malicious hackers: hiding the extension can lead an anonymous user to believe that the PHP-based website was developed in another language, because the real .php extension has been changed to another language's extension or to an unknown extension.

Lastly, the section on session fixation set out how developers can assign a new session ID at every user login, to prevent a malicious attacker from using a session identifier to impersonate another user.


No programming language is completely secure and bug-free or can serve every field of software, applications and websites. However, PHP is a great scripting language for a developer, even one without basic programming skills, to start developing websites. ASP.NET is a competitor of PHP in the website development field. Here I use ASP.NET for a comparison with PHP to clarify the advantages and benefits of using PHP to develop a website.

4.1 Introduction to ASP.NET

ASP.NET is a server-side scripting technology developed by Microsoft that lets code or scripts execute on an Internet server. ASP.NET runs in Microsoft's Internet server, called Internet Information Services (IIS). ASP.NET is a web application framework designed to help web developers create dynamic websites, web applications and web services. ASP.NET is built on the CLR (Common Language Runtime), so programmers can write ASP.NET code in any .NET language such as C#, C++, VB.NET, JScript.NET and others. ASP.NET was first released by Microsoft in January 2002 with .NET Framework version 1.0. Besides, ASP.NET also supports database access through the ODBC standard, which means ASP.NET can communicate with any database that supports ODBC. The procedure below shows how ASP.NET works:

When a client uses a web browser to request an ASP.NET web page, IIS passes the page to the ASP.NET engine on the web server.

The ASP.NET engine executes all the code and scripts and processes the result.

The web server returns the result as HTML to the client's web browser.

Software Cost

PHP: Free - no charges are claimed by any party

ASP.NET: Free - users can utilize all the resources with a genuine Windows license.

Licensing Cost

PHP: Free - without any licensing cost

ASP.NET: High licensing cost - Microsoft charges license or upgrade fees, especially for business companies and organizations

Table 4.1 Cost Comparison

Cost Consideration: Table 4.1 shows the two different costs for both server scripting languages. Although both kinds of development software are free of charge, ASP.NET requires a Windows-based platform in order to start developing a dynamic web page. The Windows license cost is quite high for an individual, and for business companies and organizations the license contract is troublesome and requires paying annual license or upgrade costs. A developer who uses ASP.NET to create a dynamic web page must pay for a Windows platform license. PHP development, however, works on different operating systems such as Windows, Linux and Mac OS, which means the developer does not need to acquire a specific operating system in order to start developing web pages.

PHP: Multiple - supports Windows, Linux, Mac OS, UNIX and others.

ASP.NET: Limited - Windows only

Table 4.2 Platform Comparison

Platform Consideration: Table 4.2 shows the platforms supported by PHP and ASP.NET. A developer who uses ASP.NET to develop a website cannot change the operating system platform, because ASP.NET is supported only on Windows-based platforms; the developer therefore faces a platform dependence issue and is limited to Windows-based platforms for all further development. On the other hand, a developer who uses PHP can switch to another operating system for further development, because PHP supports the major operating systems on the market, such as Linux, Mac OS, Windows, UNIX and others.



Development Software Requirement

PHP: Single software - XAMPP (a package that includes the Apache HTTP server and the MySQL database)

ASP.NET: Many software packages required - Internet Information Services (IIS), Service Pack 2 for Windows 2000, Microsoft .NET Framework, Microsoft .NET Software Development Kit (SDK) or Microsoft Visual Studio

Table 4.3 Development Software Requirement

Development Software Requirement Consideration: Table 4.3 shows the software that must be installed on the developer's platform before starting to develop websites. To develop a website with ASP.NET, the developer requires many external software packages; the software required by ASP.NET is large, estimated at a few GB of files, and downloading all of it before starting development requires high bandwidth and a lot of time. XAMPP, however, is a full package of all the necessary software and is only 50-100 MB for each of the different operating systems; the developer only needs to download XAMPP to start developing a PHP website. PHP requires only a single software package to start developing a website, which saves much more time and is more flexible.



Programming Approach

Functional and quick coding

Table 4.4 Programming approach comparison




<?php
$text = "Welcome to PHP";
echo $text;
?>







dim text

text = "Welcome to PHP"







Figure 4.1

Figure 4.2

Programming Approach Consideration: Table 4.4 states that PHP is much simpler and easier to learn; even a developer without any programming background can learn PHP in a short period of time. Figure 4.1 shows PHP code that outputs a simple phrase in HTML format. A PHP variable does not need to be declared before a value is assigned to it, and it does not need a specified data type such as Integer, String or Double, because PHP automatically converts the variable to the correct data type. Figure 4.2 shows ASP.NET source code that outputs a simple phrase in HTML format; the developer must declare the variable before assigning a value to it. Overall, the PHP code is much easier to learn, easier to understand and shorter than the ASP.NET code.



Hardware requirement

PHP: Low - PHP is just a scripting language for developing a website

ASP.NET: High - ASP.NET is a scripting language that requires the large .NET framework, so it has higher hardware requirements in order to run smoothly

Table 4.5 Hardware requirement comparison

Hardware requirement consideration: Table 4.5 states that ASP.NET requires the .NET framework and some other supporting software to start development, which means a developer using ASP.NET needs a higher-spec device in order to run all the development tools smoothly. PHP, however, is just a simple scripting language and runs smoothly even on a low-spec platform.




PHP: Fast - the PHP parser only executes the PHP code and returns the result to the web server and client.

ASP.NET: Slow - ASP.NET includes an object-oriented model, which makes ASP.NET code require more time to execute and generate its result.

Table 4.6 Performance comparison

Performance Consideration: Table 4.6 states that ASP.NET has many object-oriented models, which makes ASP.NET code take much more time to execute, whereas PHP is just a server scripting language and requires less time to execute than ASP.NET. In addition, Wrensoft, a search engine application solution company, carried out a test comparing PHP and ASP.NET, and all the test results show that PHP performs searches twice as fast as ASP.NET. There is no doubt that Wrensoft has no bias toward either language, because it provides its application in four different languages: PHP, ASP.NET, JavaScript and CGI.

5 Conclusion

5.1 Opinion

PHP is not a completely error-free and secure scripting language for web development, and there is no doubt that PHP still has some limitations. For example, PHP is just a scripting language and still requires HTML code to build the website's interface, and an interface based on HTML code is very simple and unattractive. PHP is a server-side scripting language, so all PHP code is executed on the server; because improving the interface of a PHP website depends heavily on the server side, it requires very high Internet bandwidth for the client and resources on the web server. Thus, using JavaScript as a client-side language together with AJAX technology in our final year project can solve the problem above, because JavaScript can execute simple, non-sensitive code on the client side and reduce the dependence on the web server. Besides that, AJAX technology can reduce the loading time of the website because it allows the client to reload part of the website rather than the entire website, so the processing and loading time can be slightly reduced.

Besides the interface limitation, PHP also has a limitation compared with ASP.NET: ASP.NET supports 25 other programming languages such as C#, VB.NET, C++ and others, but PHP supports only PHP code. However, combining PHP, JavaScript and AJAX technology in our final year project can fulfill all parts of the project, and PHP coding is much easier and more flexible than other programming languages.

5.2 Conclusions

At the end of my seminar, no scripting or programming language completely satisfies every developer in the world. Every language has its strengths and weaknesses, so the choice depends on the developer's strengths and specialization in a given type of language.

In addition, security is one of the important parts of a website or application; however, no language can guarantee error-free code or fully keep out attackers from around the world. Thus, every language provides some security features for developers to increase the security and reliability of websites and applications.

Lastly, PHP is a suitable server-side scripting language for my final year project's web-based environment system, and it fulfills most of the requirements. However, I will not claim that PHP is the best language in the website development field, but it is the most suitable at my stage of developing a web browser module for my system.